UNPKG

@dax-crafta/auth

Version:

A powerful, flexible, and secure authentication plugin for the Crafta framework. Supports JWT, social login, 2FA, RBAC, audit logging, and enterprise-grade security features.

github.com/daxp472/crafta

daxp472/crafta

65 lines (50 loc) 2.22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
// packages/auth/src/utils/password-policy.js const zxcvbn = require('zxcvbn'); class PasswordPolicy { constructor(config = {}) { this.config = { minLength: config.minLength || 8, requireUppercase: config.requireUppercase !== false, requireLowercase: config.requireLowercase !== false, requireNumbers: config.requireNumbers !== false, requireSpecialChars: config.requireSpecialChars !== false, passwordHistory: config.passwordHistory || 5, expiryDays: config.expiryDays || 90, minStrength: config.minStrength || 3 }; } validate(password, userInfo = {}) { const errors = []; if (password.length < this.config.minLength) errors.push(`Password must be at least ${this.config.minLength} characters long`); if (this.config.requireUppercase && !/[A-Z]/.test(password)) errors.push('Password must contain at least one uppercase letter'); if (this.config.requireLowercase && !/[a-z]/.test(password)) errors.push('Password must contain at least one lowercase letter'); if (this.config.requireNumbers && !/\d/.test(password)) errors.push('Password must contain at least one number'); if (this.config.requireSpecialChars && !/[!@#$%^&*(),.?":{}|<>]/.test(password)) errors.push('Password must contain at least one special character'); const strength = zxcvbn(password, [userInfo.email, userInfo.name]); if (strength.score < this.config.minStrength) errors.push('Password is too weak. Please choose a stronger password'); return { isValid: errors.length === 0, errors, strength: strength.score }; } // History check moved to Model & AuthService allowsReuse(password, passwordHistory, bcrypt) { return Promise.all( passwordHistory.map(old => bcrypt.compare(password, old.hash)) ).then(matches => !matches.includes(true)); } isExpired(lastChange) { if (!this.config.expiryDays) return false; const expiryDate = new Date(lastChange.getTime() + this.config.expiryDays * 24 * 60 * 60 * 1000); return expiryDate < new Date(); } } module.exports = PasswordPolicy;